Alliance articles

Countering the threat

As many businesses count the cost of recent terrorist attacks in London, John McLaren Stewart of risk management firm Alliance highlights the key issues that firms need to consider to help protect themselves against future threats.

"There is a serious and sustained threat against the UK, including the business community". Not my words but the words of Eliza Manningham-Buller, Director General of The Security Service (MI5) spoken in November 2004. Stark words indeed in view of the activities of 7/7 and the subsequent events.

Our experience in the corporate risk and insurance world together with our work with the Security Service over the past year has highlighted that prior to the recent terror attacks in London, businesses had essentially forgotten about the issues of terrorism.

Critical National Infrastructure (CNI) is believed to be the main target of terrorists. CNI includes the shipping ports, power stations and transport systems. These areas are generally well protected with high levels of security, as are the major oil and chemical plants, and these companies take the terrorism threat very seriously indeed. However, the inevitable has happened and the UK has been hit. And I can tell you, most SMEs are not well prepared.

Many businesses will have suffered financially as a result. It's not just the direct impact that causes the problems. Indeed, the indirect cost consequences of these type of incidents always outweigh the direct.

Stories will emerge over the coming months of businesses with cash-flow difficulties, staffing and sales problems, lost contracts, communication problems, insurance companies not paying out on business interruption policies, disaster plans that were inadequate and much, much more. Let's not forget that an incident like this can strike anywhere in the UK. This is not just about individual businesses but also the knock on effect - a case of the whole being much greater than the parts.

So why should SMEs ramp up their terrorism security systems? I would suggest three key overriding reasons:

To protect your own business reputation

What would you do if one of your employees was injured or died as a result of a terrorist attack or was even identified as being a suicide bomber? How will you and your business look if there is an incident near any of your locations and your company is being besieged by press and police investigators and your staff are running about like headless chickens because they didn't get a leadership and incident management plan to follow and they weren't properly trained to cope? How a company responds to crisis has a significant effect on the company's reputation amongst its customers, employees, the media and others.

To protect your own trading position

It may not be your business that is hit but it may well be one of your suppliers, a utility provider, water supply, the IT infrastructure or a transport hub where your raw materials come through. How good are your crisis management and business continuity plans? If you have them in place, when were they last revised and have you ever tested them to make sure that they work? Are names and telephone numbers contained still correct?

To play your part

It's not just good business sense to protect our businesses from the threat of terrorism - it's our patriotic duty. We have a responsibility to ensure that the efforts of terrorists cause minimum disruption to the economy.

The bomb attacks in London will have woken many business leaders from their "it won't happen to us" viewpoint. The problem here is we are just looking at one type of incident, business leaders must be wider prepared.

So what do you need to consider?

Here are some quick example areas you should include in an analysis and action plan:

Physical security - Terrorist will target areas with a high potential casualty count. In addition, do you manufacture/supply products that may be of use to terrorists?

Money laundering - Terrorists need money.You have a legal requirement in this area. Do you comply?

Employee screening - Do you know your employees, do you carry out background checks? Have you taken references, have you seen their passport?

Suppliers - If they are affected by an incident what action will they take to ensure you receive your supplies when you need them? What about piracy/shipping attacks holding up your JIT manufacturing process? What preparation have you made?

IT and communication systems - In New York on 9/11 and London on 7/7 the communication systems were overloaded. What will you do if this happens in your area?

Medical care training - Just suppose there was an incident involving your location, how would you treat injured staff and customers?

Local authority and local police liaison - How will your planning fit with the actions your LA will take under the Civil Contingencies Act 2004?

You have an obligation under Health & Safety law to provide a safe working environment for your employees. Surely then, this also means you must also show that you have assessed possible problems as a result of terrorism issues?

It's all scary stuff not to mention complex and I can quite understand the temptation for firms to put off this type of planning. The key thing to remember is that it's do-able. If you take a structured approach, are thorough and seek help where you need it you will be sufficiently prepared should the unexpected happen. As we say at Alliance - Good Risk Management is Good Management.

Reproduced with kind permission of Business 550.